Cybersecurity Requires a Curiosity Mindset

Pursuing a career in cybersecurity can be intimidating as hell.

For newbies, the sheer complexity of information systems coupled with the sinister dedication of bad actors and the crushing ramifications of failure can be a lot to stomach.

But (nearly) every journey looks intimidating at the outset. Just as—to draw a timely parallel—many New Year’s resolutions will seem daunting come January 1. In the spirit of new beginnings, then, let us take an opportunity to reflect on what attracted you to cybersecurity in the first place.

One of the most important traits of a successful information security professional is a lifelong commitment to learning, requiring the kind of person who loves to continually learn about technology and get paid for what they know.

But what is the best way to keep this learning muscle strong?

Everyone learns throughout their life. It’s how the world works and civilizations progress. But for many, learning stops at a certain point because it takes additional effort. In school, you must learn to pass a test and get a grade. At work, you learn to fulfill a function and earn a paycheck. After that, many people are tempted to coast, thinking their learning days are over because they have conquered a sufficient chore.

It doesn’t have to be that way. Instead, think about embracing a curiosity mindset.

Curiosity is the desire to learn. The unquenchable thirst to know what is around the next corner, building upon your existing knowledge to fully wrap your brain around a concept and continuously apply it.

In cybersecurity, this is a critical trait because the unknown is exactly what bad actors exploit, so exercising feverish curiosity about their next move is how you keep up and even get ahead.

Adopting a curiosity mindset means replacing, conceptually, the outcome of learning with the process itself. In other words, enjoying the journey as much as or more than the destination. It means embracing that you want to learn and like to learn and so therefore you will learn more and more—again and again.

When you shift your brain into curiosity mode, you ask questions to dive deeper to uncover hidden truths. You are priming your brain to receive data and information, engage with it, and store it for use or redefinition as needed. It can lead to the rewarding cycle of dopamine hits each time you learn something new, locking that information in, and taking full advantage of the neurochemistry of learning.

Another benefit of being curious is you are more likely to step out of your comfort zone and explore. There are always negative aspects to leaving your comfort zone. That is why it is uncomfortable. The fear of the unknown and the energy required to try something new can often be mental blockers. Curiosity can be the positive counterweight to these negative thoughts and serve as your intellectual armor in forging ahead into the unfamiliar.

In cybersecurity, this could mean branching out of your existing network to meet new people who are tackling related security projects or dedicating more time to research and learning (via the type of resources listed at the end of this article).

For those new to cyber, it could mean committing to a university course and dedicating the requisite time to getting your bearings in the industry. Or setting a goal to listen to two security podcasts a week (recommendations also included below).

Simply adopting a curiosity mindset is not easy, especially if you are approaching a subject for the first time. For a complex topic like cybersecurity, it can be difficult to gain traction and feel like you are fully comprehending all the information coming at you. Sometimes when this happens, it can be hard to pay attention and things become uninteresting.

Many people fall into the trap of, “I’m not interested in this thing, and therefore I won’t learn or understand it.”

But it can just as easily go the other way: “Because you don’t understand it, it hasn’t had the opportunity to become interesting yet, and therefore you won’t learn it.”

Curiosity means committing yourself to understanding the root of a subject and building a foundation of knowledge so you can erect lots of interesting and sturdy intellectual architecture on top of it.

A better metaphor comes from Tim Urban, founder of Wait But Why blog (personal favorite of mine), who has garnered an enormous following from being curious and diving a mile deep on topics like AI Superintelligence, Tesla, and Cryonics. He likens knowledge to a tree:

“I’ve heard people compare knowledge of a topic to a tree. If you don’t fully get it, it’s like a tree in your head with no trunk—and without a trunk, when you learn something new about the topic—a new branch or leaf of the tree—there’s nothing for it to hang onto, so it just falls away. By clearing out fog all the way to the bottom, I build a tree trunk in my head, and from then on, all new information can hold on, which makes that topic forever more interesting and productive to learn about. And what I usually find is that so many of the topics I’ve pegged as ‘boring’ in my head are actually just foggy to me—like watching episode 17 of a great show, which would be boring if you didn’t have the tree trunk of the back story and characters in place.”

Many of those in cybersecurity already have a hefty trunk of knowledge to build from. But for those who don’t, it will take some committed learning—or a curiosity mindset—to get there.

Below you will find an extensive list of free podcasts and university classes available for you to continue your deep dive into cybersecurity as you look ahead to the new year.

And, yes, F5 also has some great resources for this:

• F5 Podcasts
• F5’s DevCentral Community

Curiosity is a choice. An intentional mindset. The brain is just like any muscle in the body: if you use it in a particular way over and over it will get stronger and more competent in that use case.

So, here’s to hitting the mental gym in the new year (especially since I may not make it to a physical one anytime soon)!

Cybersecurity Networking

• 50 Women In Cybersecurity Associations And Groups To Follow
• Executive Women's Forum
• Women in CyberSecurity
• Black Cybersecurity Association
• Cybersecurity Marketing Association

Cybersecurity Podcasts

• Getting Into Infosec
• Blueprint
• The Social-Engineer Podcast
• Trust Me, I'm Certified
• 7 Minute Security

Security. Cryptography. Whatever

• InfoSec and OSINT Show
• The Shared Security Show
• Down the Security Rabbit Hole
• BarCode
• Smashing Security
• Technovation
• Unsupervised Learning
• Risky Biz
• Hacking Humans
• Darknet Diaries
• Security Now!
• The CyberWire Daily Podcast
• 401 Access Denied
• Defense in Depth
• Human Factor Security
• Hacking Your Health Podcast
• Hacker Valley Studio
• Malicious Life
• ISC StormCast

 Free University Classes

• Here are 5 free online cybersecurity courses hosted by top universities
• Top 6 Free Online Cybersecurity Courses With Certifications In 2023
• An Ultimate Guide to Cyber Security for Beginners
• IBM Cybersecurity
• New York University: Introduction to Cyber Attacks
• Stanford University: Cryptography I
• University of Maryland: Hardware Security
• University of Michigan: Internet History, Technology, and Security
• Western Governors University: Network and Security Foundations
• Google – Continuous Innovation to Keep you Safe Online

Top Cybersecurity Blogs to Follow

• 100 Best Cybersecurity Blogs and Websites